package com.xwaf.platform.web.controller.gateway;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import com.xwaf.platform.common.api.CommonResponse;
import com.xwaf.platform.common.api.constants.RedisKeys;
import com.xwaf.platform.common.api.entity.TokenInfo;
import com.xwaf.platform.common.api.enums.DeviceType;
import com.xwaf.platform.common.api.exception.BusinessException;
import com.xwaf.platform.common.redis.util.RedisUtil;
import com.xwaf.platform.common.web.BaseController;
import com.xwaf.platform.system.api.constants.SysConfigConstant;
import com.xwaf.platform.system.api.entity.auth.User;
import com.xwaf.platform.system.api.service.auth.UserService;
import com.xwaf.platform.system.api.service.gateway.TokenService;
import com.xwaf.platform.web.util.VerifyCodeUtils;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;

@RestController
@Api(tags = "登录")
@RequestMapping(value = "/auth/")
public class LoginController extends BaseController {

	@Autowired
	private UserService userService;

	@Autowired
	private TokenService tokenService;

	@Autowired
	private RedisUtil redisUtil;

	@ApiOperation(value = "登录", notes = "登录", httpMethod = "POST", response = TokenInfo.class, produces = MediaType.APPLICATION_JSON_VALUE)
	@PostMapping("/login")
	public CommonResponse login(@RequestParam(value = "username", required = true) String username,
			@RequestParam(value = "password", required = true) String password) throws Exception {
		if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
			throw new UnknownAccountException("账号或密码不能为空");
		}
		// 用户信息
		User user = userService.queryByUserName(username);
		if (user == null) {
			throw new UnknownAccountException("账号不存在");
		}
		// if (!(user.getPassword()).equals(
		// Md5Util.getMd5Value(password,SysConfigConstant.LOGIN_MD5_KEY))
		// ) {
		if (!(user.getPassword()).equals(new Sha256Hash(password, SysConfigConstant.LOGIN_MD5_KEY).toHex())) {
			throw new BusinessException("密码错误");
		}
		if (user.getLock().equals("1")) {
			throw new LockedAccountException("账号已被锁定");
		}
		// 登录无token过期这一说
		// 申请 token，并保存到数据库和缓存
		TokenInfo applyToken = tokenService.applyToken(user, DeviceType.PC.name(), getRemoteAddr());
		return CommonResponse.createCommonResponse(applyToken);
	}

	@ApiOperation("生成验证码")
	@GetMapping(value = "/code", produces = "application/json;charset=UTF-8")
	public void deleteUser(HttpServletRequest request, HttpServletResponse response) throws IOException {
		response.setHeader("Pragma", "No-cache");
		response.setHeader("Cache-Control", "no-cache");
		response.setDateHeader("Expires", 0);
		response.setContentType("image/jpeg");
		// 生成随机字串
		String verifyCode = VerifyCodeUtils.generateVerifyCode(4);
		redisUtil.set(RedisKeys.VERIFY_CODE + verifyCode, verifyCode, 60L);
		// 生成图片
		VerifyCodeUtils.outputImage(100, 40, response.getOutputStream(), verifyCode);
	}

	public static void main(String[] args) {
		// sha256加密
		// 65208c9a75d8d66644ff75ace107b3fd88586bf2c2a84978083cb64ea5338565
		String password = new Sha256Hash("123456", SysConfigConstant.LOGIN_MD5_KEY).toHex();
		// sha256加密
		String newPassword = new Sha256Hash("123456", SysConfigConstant.LOGIN_MD5_KEY).toHex();
		System.out.println(password);
		System.out.println(newPassword);

	}
}
